The Maintenance burden of WordPress
One of the main criticisms for WordPress is the maintenance burden. WordPress plugins, themes and WordPress itself have frequent updates. Fail to update these regularly and your site is less secure and more vulnerable to hacking. Whats the best way of dealing with this? Some critics would say don’t use WordPress at all and just use something else (Craft says this a lot!)
WordPress is Ubiquitous so it’s a target
WordPress powers about a 40% of websites on the internet. This ubiquity draws attention and is largely the reason why it’s targeted more than some other CMSs. It’s not that it’s inherently less secure it’s just more well known and more targeted.
The plugins are also widely varying in quality and security levels.
Still, even if it’s not just a WordPress issue, we still have the maintenance burden to contend with.
Update Regularly
So how to deal with this? One option is just treat it like a chore and stay on top of it. Login at least once a month and hit that update all button.
The key to this, is having backups. Most hosting services offer daily backups as standard and it’s usually something like 30 days of backups.
With backups in place, you can hit update and not have to worry about that very rare edge case where it breaks your site. If it does, just reinstate the backup and then your site is back up and running and someone can investigate the reason why a plugin causes problems in a calm and measured way.
Auto updates
These days I take it a step further than this. I just set everything to auto update. Plugins, the WordPress core – anything that will let me.
Again, backups do a lot of the heavy lifting here should anything go wrong. More than this though, by updating frequently and automatically it’s much easier to pinpoint why and why things go wrong.
If you update plugins manually and forget to do it for 6 months, and then run a load of updates and it falls over, what caused it? A plugin might have had 4 updates since then. Was it the first update that broke your site? The third one?
By keeping in top of it constantly you always know it was the very latest changes that caused problems and this helps immensely in fixing it.
So whether you do it manually or automatically, the trick is to do it regularly. If you are frequently updating your site then maybe doing it manually is right for you. If you see these little red update icons just go for it every time.
If you leave your site for long periods without logging in then auto updates may serve you well.
Maintenance Contracts
The third option is to pay someone (like me!) to do the updates for you. If your site is really small then this is highly likely a waste of money.
I only tend to do maintenance contracts if there are other updates to the site other than literally just clicking an update button. People are paying me to write new code or new features or tweaking page layouts which makes a lot more sense.
As few plugins as possible
The final thing to do say, is that you should have as few plugins installed as possible. The reason I can leave my sites on auto update and they keep on ticking over is because I only use a handful of heavily road tested plugins.
If you start installing plugins to add functionality to your site, then know there is a cost to that! If you add big bits of functionality with just one click of a button, then there is going to be a trade off.
You *might* get away with it, but odds are when it comes to update time that it’s going to be that twitter feed plugin with 200 active installs and zero reviews that makes your site implode. If you really absolutely must install some new plugins, then always pick ones with good reviews and as many active installs as possible. For some niche plugins maybe in the thousands is OK, but for regular plugins you want ideally in the hundreds of thousands of active installs if not millions.
